Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable
Open Source

Community-driven technology to reduce cloud exposures

We’re on a mission to empower everyone to secure their cloud environment. With intuitive open source tooling, the cloud native community can work together to isolate and eradicate cloud exposures, ultimately creating a more secure cloud environment for all.

Abstract image of server cluster

Join the Tenable open source community

Exposure Management Expertise

Contribute

Whether you're a seasoned DevSecOps pro or just starting your security career, there’s a place for you to contribute to Tenable Open Source projects. Find us on GitHub here and get started today.

Breadth and Depth of Exposure data

Collaborate

Share best practices, open source contributions or tips and tricks of the trade while rallying around the common goal of holistic cloud security.

Data Science Leadership

Secure

Shift security into the application development lifecycle and further cyber security education with easy-to-use tooling.

Tenable open source community projects

Uniting security professionals, students and open source contributors to foster innovation.

Terrascan by Tenable

With Terrascan, you can scan nearly all infrastructure as code (IaC) types for misconfigurations and compliance violations with more than 500 out-of-the-box policies. Terrascan leverages the Open Policy Agent (OPA) engine so you can easily create custom policies using the Rego query language. Integrate into your CI/CD, use locally or test code in your browser to see how effective preventive security can be. With 4,000 GitHub stars and 1.8 million downloads, Terrascan is one of the most beloved open source cloud security tools in the world.

Try it now

This 45-second video shows how Terrascan reduces cloud exposures by scanning code that provisions cloud infrastructure.

CNAPPgoat

CNAPPgoat

CNAPPgoat is an open source project for safe testing of cloud security skills, processes and tools in an easy-to-deploy-and-destroy sandbox environment. This enables defenders to test detection and prevention mechanisms against vulnerabilities and misconfigurations, while providing offensive professionals practice environments. With a large and expanding library of scenarios, DevSecOps teams can validate defenses in customized environments and simulate unsecured and vulnerable assets.

Learn more
Access undenied AWS

Access undenied AWS

Access Undenied on AWS is an open source command-line interface (CLI) tool that analyzes and gives context to AWS CloudTrail AccessDenied events. It works by scanning the environment to identify and explain event reasons and offers actionable least-privilege remediation suggestions. Give the tool a CloudTrail event with an “Access Denied” outcome, and it will tell you how to fix it within seconds.

Learn more

Related products